Debian Archive Signing Key to be changed

February 9th, 2011

The Debian Project wishes to announce the change of the GNU Privacy
Guard key used to digitally sign the archive reference files. Signatures
are used to ensure that packages installed by users are the very same
originally distributed by Debian and have not been exchanged or
tampered with.

Affected distributions are the Debian unstable branch (codenamed Sid)
as well as the testing branch (codenamed Wheezy). The Debian
Security (security.debian.org) and Backports (backports.debian.org) archive
also start using the new key now. The current stable
version Debian 6.0 (codenamed Squeeze) and the current
oldstable version Debian GNU/Linux 5.0 (codenamed Lenny) will have
their ftpmaster signature updated with their next point release.

The new key has already been distributed via the debian-archive-keyring
package and is included in all current releases of Debian.

Starting with the next mirror update this evening only the new key will be used.

This key rollover is a normal maintenance task and was started in
August 2010. For security reasons Debian's archive signing keys regularly
expire after three years.

About Debian

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Thousands
of volunteers from all over the world work together to create and
maintain Debian software. Available in 70 languages, and
supporting a huge range of computer types, Debian calls itself the
universal operating system.

Contact Information

For further information, please visit the Debian web pages at
https://www.debian.org/ or send mail to
<press@debian.org>.